724 matches found
SuSE 10 Security Update : ethereal (ZYPP Patch Number 6890)
This update of ethereal fixes: - Several buffer overflows in the LWRES dissector. CVE-2010-0304. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. Plugin ID: 49846.
SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077)
This update of IBM Java 1.5.0 to SR11 FP2 fixes the following security issues: - Various unspecified and undocumented vulnerabilities that allow remote attackers to affect confidentiality, integrity and availability via various unknown vectors. CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 /...
SuSE 10 Security Update : ncpfs (ZYPP Patch Number 7023)
This update fixes three security issues in ncpfs: - Fixed an information leakage on mount. CVE-2010-0790 / bnc583536 - Fixed a mtab locking problem. CVE-2010-0791 / bnc583536 - Fixed a race condition in ncpfs mounts. CVE-2010-0788 / bnc550004
SuSE 10 Security Update : clamav (ZYPP Patch Number 7056)
This update fixes the following security issues in clamav that can be used for a remote denial of service attack: - An off-by-one buffer overflow. CVE-2010-1640 - A crash while parsing PDFs. CVE-2010-1639 / CVE-2010-2077
SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 7029)
The following bugs have been fixed: Evolution considered S/MIME signatures to be valid even for modified mails (CVE-2009-0547). Specially crafted base64-encoded messages could cause a heap buffer overflow (CVE-2009-0587). A POP3 server sending overly long lines could crash Evolution.
SuSE 10 Security Update : cron (ZYPP Patch Number 6865)
This update of cron fixes a race condition in crontab that can be used to change the time-stamp of arbitrary files while editing the crontab entry. (CVSS v2 Base Score: 3.6) Additionally, the return value of initgroups is now verified. CVE-2010-0424
SuSE 10 Security Update : gpg2 (ZYPP Patch Number 7107)
This update fixes a vulnerability in GnuPG2 that allowed arbitrary code execution by context-dependent attackers, caused by reusing a freed pointer when verifying a signature or importing a certificate with many 'Subject Alternate Names'. CVE-2010-2547
SuSE 10 Security Update : Postfix (ZYPP Patch Number 6774)
The post-install script of postfix accidentally let postfix listen on all network interfaces. Plugin ID: 49918.
SuSE 10 Security Update : libapr1 (ZYPP Patch Number 6545)
This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. CVE-2009-2412
SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 6692)
KDE KDELibs Remote Array Overrun Arbitrary code execution, CVE-2009-0689. Plugin ID: 49866, script version 1.11.
SuSE 10 Security Update : tar (ZYPP Patch Number 6922)
A malicious remote tape server could cause a buffer overflow in tar. To exploit that, an attacker would have to trick the victim into extracting a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local option to avoid su...
SuSE 10 Security Update : libvorbis (ZYPP Patch Number 7057)
This update of libvorbis fixes a memory corruption while parsing OGG files. The bug is exploitable by remote attackers to cause an application crash and could probably be exploited to execute arbitrary code. The issue has been tracked as CVE-2009-2663.
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6655)
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of...
SuSE 10 Security Update : neon (ZYPP Patch Number 6549)
neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts ...
SuSE 10 Security Update : xntp (ZYPP Patch Number 6718)
By sending specially crafted NTP packets, attackers could make ntpd flood its log file with error messages or even run into an endless loop. CVE-2009-3563
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6944)
This update adds support for RFC 5746 TLS renegotiations to address vulnerabilities tracked as CVE-2009-3555. It also fixes a mishandling of OOM conditions in bn_wexpand. CVE-2009-3245
SuSE 10 Security Update : mutt (ZYPP Patch Number 6673)
This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update.
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572)
This update of the Apache webserver fixes various security issues: - The option IncludesNOEXEC could be bypassed via .htaccess. CVE-2009-1195 - mod_proxy could run into an infinite loop when used as reverse proxy. CVE-2009-1890 - mod_deflate continued to compress large files even after a network...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)
The following bugs have been fixed: An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. CVE-2009-4136 Embedded null bytes in the common na...
SuSE 10 Security Update : ethereal (ZYPP Patch Number 6628)
Update of wireshark to fix multiple vulnerabilities: - The Paltalk dissector could crash on alignment-sensitive processors. CVE-2009-3549: CVSS v2 Base Score: 5.0 MEDIUM - The DCERPC/NT dissector could crash. CVE-2009-3550: CVSS v2 Base Score: 4.3 MEDIUM - The SMB dissector could crash...